Password for this link please: https://mega.nz/#!BIZTULwQ!QTTnaXRRM...2NwT35FIvWOk3s
Actually, I found a way to patch the hardcoded IP even in Themida-packed clients like AK.to and FFT AK.
Here I'm only going to talk about the FFT client, but I believe they are the same.
Basically you do a global search after the client has fully unpacked in memory, something like "xxx.xxx.xxx.xxx" for their hard-coded IP address as a string. Once you've got it, you can trace back until you find something like game.bin + 0x12212122, which is the fixed offset from the base memory.
Cracking Themida is too painful, so why don't we just write a memory patcher? After it loads and before logging in to the server, execute your memory patcher; in my case it was something like
jump->game.bin+0x122222-> read value+0xC->read value->read value-> +4 for ip and +70 for port
I'm pretty sure it would be way easier than cracking Themida. I have successfully used the client from FFT to log in to my own server.
(They are both version 2.0 but with the v90 map.)
I hope this can also work on your unreleased server files.
EDIT1: just tried ak.to.
A quick test using CE: global search for "149.202.201.194" and replace it with your own IP.
Tried to connect with a 2.0 server, got a deserialize error on the server side.
Tried with the HK 3.0 server, again a deserialize error.
Using the official HK 3.0 client you get a different error after passing the login server (while ak.to doesn't get past the login server).
ak.to probably made some changes to the game.bin file to change the login ticket structure.
The only thing we can do is to patch the server binaries to ignore this error (which is problematic).
Meanwhile in China, tons of v95 private servers are popping up. I'm really curious where they got the server files.
Last edited by mistree; 04-08-17 at 08:27 PM.
Now this is interesting. Saw another user talking about the generated ticket, and according to him you need to find the ticket checking function via IDA and invalidate it, and that should hopefully make newer clients work.
I believe that the newer server bins are released somewhere. Just gotta search for them in the Chinese forums.
I did a bit of digging into the ak.to client and found this.
And from another debug string, their Launcher is compiled from the same source folder.
Now I'm pretty sure they have the complete source code for it.
When it comes to the Ticket, I guess you are talking about this method; I have renamed it a bit in IDA so it's clearer.
Here is part of the ticket checking code for the zone server.
Here is where it returns valid.
But I think the problem is beyond that.
I tried to capture the packets. A 3.0 client (the one with the new class and everything) seems not to respond to the 2.0 server after selecting the world. I compared it with packets captured from the official HK server login and found it's different. Although you can pass login, there's already an error thrown within the client (found using x64dbg).
For all games developed by xlegends they share the same structure for client and server. The first packet is always the RC4 key encrypted with the RSA public key; after the server receives the packet it decrypts it using their RSA private key and uses that RC4 key for the following communications.
It's possible they changed their keys, since on the server side they only verify the key length but not the content; the client might be expecting something encrypted with a different RC4 key.
If that's the case, we need to patch the client RSA public key.
It's also possible that the login procedure changed; they might have added a few more packets for verification.
Still need more studies.
I don't know if it's worth the effort to fix it. I was thinking maybe it's better to write a whole new server emulator using all the source we have from IDA, since it will work on all xlegends games:
Eternal Eden
Twin Sage
7th Darkness (currently JP only)
We could unpack the client to update the server database since they are the same. It might take more time, but with all games supported it's absolutely worth it.
Last edited by mistree; 07-08-17 at 03:21 AM.
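The handshake described in the post above, modelled as an added example (my own code, not from the thread or from any X-Legends binary): a toy textbook-RSA key pair over fixed Mersenne primes, an assumed 16-byte RC4 key, and an assumed tag MAGIC inside the wrapped blob. It shows why a client built against a different public key surfaces as a deserialize error when the server checks only the key length, and how checking the tag lets the server reject the mismatch at the handshake instead.

```python
from typing import Optional

# Toy model of the first packet: the client wraps its RC4 session key with the
# server's RSA public key, the server unwraps it and both sides use RC4 after.
# Textbook RSA over fixed Mersenne primes, constructed for illustration only.
P, Q = (1 << 127) - 1, (1 << 89) - 1            # constructed server key pair
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
OTHER_N = ((1 << 127) - 1) * ((1 << 107) - 1)   # constructed "rotated" public key
KEY_LEN = 16                                    # assumed RC4 key length
MAGIC = b"RC4K"                                 # assumed tag for the hardened check

def rsa_wrap(data: bytes, n: int) -> bytes:
    return pow(int.from_bytes(data, "big"), E, n).to_bytes(32, "big")

def rsa_unwrap(blob: bytes) -> bytes:
    # Server side: take the trailing tag+key bytes of the decrypted block.
    m = pow(int.from_bytes(blob, "big"), D, N)
    return m.to_bytes(32, "big")[-(len(MAGIC) + KEY_LEN):]

def rc4(key: bytes, data: bytes) -> bytes:
    s, j = list(range(256)), 0
    for i in range(256):                        # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for b in data:                              # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(b ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def server_session_key(first_packet: bytes, strict: bool) -> Optional[bytes]:
    """Key the server adopts, or None if it rejects the handshake.
    strict=False is the behaviour the post describes: only the length is checked."""
    plain = rsa_unwrap(first_packet)
    tag, key = plain[:len(MAGIC)], plain[len(MAGIC):]
    if len(key) != KEY_LEN or (strict and tag != MAGIC):
        return None
    return key

def login_attempt(client_pub_n: int, strict: bool) -> str:
    rc4_key = bytes(range(1, KEY_LEN + 1))      # constructed client session key
    server_key = server_session_key(rsa_wrap(MAGIC + rc4_key, client_pub_n), strict)
    if server_key is None:
        return "rejected at handshake"
    ciphertext = rc4(rc4_key, b"LOGIN user=test")  # client's next packet
    if rc4(server_key, ciphertext).startswith(b"LOGIN"):
        return "ok"
    return "deserialize error"                  # garbage reaches the packet parser
```

With a matching key pair both server modes return "ok"; with the rotated public key the length-only server accepts the garbage key and the failure only appears later as a deserialize error, while the tag-checking server rejects at the handshake.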
Guys, I found this on a Chinese forum.
Link: https://pan.baidu.com/s/1bozHTIf Password: yjy8
Source:
[New (August)] 幻想神域 (Aura Kingdom) standalone edition, 3D MMO mirror server, Dragon Nest-style, GM / in-game gold / vitality points, 玩游 [PC game standalone] 游尘网
[Old (February)] 幻想神域 (Aura Kingdom) standalone edition, 3D MMO mirror server, online game standalone, GM / in-game gold / vitality points, 踏月 [PC game standalone] 游尘网
The client went up to 5.42G and the server to 2.05G, from 5.41G and 1.85G in his old post.
PS: It doesn't have the latest class and I haven't tested it. Hope someone makes a mirror on Mega.
Last edited by idextroyer; 03-09-17 at 07:47 PM.
Downloading; when done I'll reup to Mega or Google Drive.
Uploading, but this file had nothing new.
Thanks @kbnnlan
How to add a new class to the files?
Sorry for the delay: https://drive.google.com/open?id=0B7...DA2Wjl5UFNFbXM
Hi,
Please reup the client to Mega or Google Drive.
Thanks
Hello guys, I stumbled upon another set of Chinese files:
幻想神域 (Aura Kingdom) LAN one-click server - 全网游源 GSC joint release - premium game source code
Anyone know what this is about?
Google Translate shows something about a handsword weapon; I guess that is the holy sword? v90? But I can't download it because it needs forum currency :(
Last edited by idextroyer; 25-10-17 at 06:12 AM.
Edit: Mistake
Last edited by idextroyer; 25-10-17 at 03:34 PM. Reason: Misleading info
ffo.changyou.com is the official server
http://www.x-legend.tw/04games/games_7.php